tag:blogger.com,1999:blog-11547500934873121482018-03-05T11:20:43.314-05:00CERTStation LabFahdhttp://www.blogger.com/profile/13117699133623286926noreply@blogger.comBlogger240125tag:blogger.com,1999:blog-1154750093487312148.post-51226986407297426062015-10-26T05:17:00.000-04:002015-10-26T05:17:53.447-04:00October's Patch Tuesday covers Windows, IE, Edge and Office
In October's Patch Tuesday, Microsoft rolled out SIX security bulletins that contain more than 30 vulnerabilities targeting Windows, Internet Explorer, Edge, and Office. Out of 6 bulletins released, 3 of them are rated as 'CRITICAL'. MS15-106 a critical rated bulletin addresses 14 vulnerabilities in the Internet Exlporer. The issues fixed in this bulletin are related to memory corruption, cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-17949201508300985682015-09-23T03:12:00.003-04:002015-09-23T03:12:40.144-04:00Apple iOS 9 PATCHES Airdrop flaw
Apple has released an update for iOS 9, fixes a critical security flaw allowing intruders to inject malicious files in iPhones that can be used to hijack victim's phone later on. Security researcher Mark Dowd from Azimuth Security found the issue which affects almost all devices using iOS 7 or later, along with all Mac OS X Yosemite versions. According to PoC where Mark Dowd was forcing craftedcERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-74555795647496588402015-09-23T03:11:00.004-04:002015-09-23T03:11:44.613-04:00Beware!! Android Lollipop users
Researchers from University of Texas has found a security flaw in the lock screen feature of Android 5.x. According to John Gordon, a network security analyst at the University of Texas, the issue exists in the password field - unable to handle a sufficiently long string while the camera app is active, allowing an attacker to crash the lock screen. From the locked screen, one can easily bypass cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-6222354228933095942015-09-07T01:57:00.003-04:002015-09-07T01:57:36.418-04:00Google Chrome 45 addresses 29 flaws
Google has released Chrome 45 to address 29 security flaws affecting Windows, Mac, and Linux platforms. According to Google advisory, Six issues are rated as CRITICAL allowing remote code execution. These high-severity issues addressed cross-origin bypass flaws in DOM, covered in CVE-2015-1291 and CVE-2015-1293, where as a cross-origin bypass issue occurs in Service Worker that is covered in cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-27040472988283428852015-09-07T01:56:00.003-04:002015-09-07T01:56:44.993-04:00Bugzilla hack eXposes Firefox 0-day flaw
Mozilla confirmed about Bugzilla breached by an attacker who was able to get access to sensitive information about zero-day flaws in Firefox. According to Mozilla, the intruder was able to breach a high-level user's account who had access to Bugzilla that contains information of non-public zero-day security flaws. Mozilla said attacker took control of the account since September 2013 and cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-89273825917972724972015-08-05T02:52:00.005-04:002015-08-05T02:52:35.220-04:00Not Again !! Another bug puts Android phone @ risk
Earlier it was Zimperium that informed about the Stagefright flaw affecting nearly 950 million (95%) smartphone across the globe, and now its Trend Micro turns to come up with another security flaw in the Android mediaservice which can cause your smartphone to become unresponsive. As compare to Stagefright bug, this new vulnerability affects Android versions 4.3 and above. So statistically 56.8cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-72873673065152165022015-08-05T02:51:00.004-04:002015-08-05T02:51:56.277-04:00BIND Critical flaw causes Internet outage
Widely used DNS server software - BIND is under attacked to cause disruption in the internet service for many users. The BIND versions 9.1.0 to 9.10.2-P2 are affected and can be exploited to crash DNS servers that are powered by the software. Internet Systems Consortium (ISC) has released a patch to rectify this critical issue that affects both authoritative and recursive DNS servers with a cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-70385325702443870252015-07-07T01:39:00.001-04:002015-07-07T01:39:24.764-04:00Apple PATCHES OS X and iOS bugs
Apple has releases patches for various security flaws found in its desktop and mobile operating systems. Apple users are waiting for the new releases of iOS 9 and OS X 10.11, but they have to apply security updates for iOS 8 and OS X 10.10. It is believed to be the first major Apple security patch updates since April 8. OS X 10.10.4 security update fixes three vulnerabilities in Apple's Admin cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-23698780389244551662015-07-07T01:37:00.001-04:002015-07-07T01:37:26.816-04:00'Selfies' a new authentication method for MasterCard
Taking selfies usually considered by many people as a mental disorder and we have read several reports regarding this, but not anymore now as one of the largest online payment system is going for a trial to take selfies as replacement authentication for passwords. MasterCard said that it will test this new mechanism just to know that how much it will be effective to minimize fraud threats. cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-77620586839615829552015-06-29T09:11:00.000-04:002015-06-29T09:11:14.182-04:00ZERO day fix for Adobe Flash Player
Adobe systems has released an out-of-cycle security patch to fix critical zero-day flaw in a Flash plugin that could allow remote code execution on a compromised system. According to advisory, this critical issue is covered in CVE-2015-3113 and affects Flash Player 18.0.0.161 and earlier versions on Windows and Mac, and version 11.2.202.466 and earlier releases on Linux. Adobe credits FireEye cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-72983499335087774742015-06-29T09:10:00.003-04:002015-06-29T09:10:29.857-04:00HP releases unpatched IE exploit code
Although Microsoft paid a huge amount of $125,000 for finding Address Space Layout Randomisation (ASLR) vulnerability in Internet Explorer 11 to HP's Zero Day Initiative. Company still not eager to release the security patch to address the flaw. After Microsoft refusal, HP has decided to publish Proof-of-Concept code that could be used to exploit the vulnerability. According to HP, they are cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-11411753562450593952015-06-23T03:51:00.001-04:002015-06-23T03:51:33.192-04:000-day identified in Apple OSX and iOS
Security researchers have spotted 0-day vulnerabilities targeting Apple operating systems, i.e., Mac OS X and iOS. The impact of the issue could allow an intruder to steal sensitive information that can aid further attacks later on. The security flaws presented in a joint research paper entitled 'Unauthorized Cross-App Resource Access on Mac OS X and iOS' by Indiana University's Xiaolong Bai, cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-71139134910928253092015-06-23T03:50:00.002-04:002015-06-23T03:50:12.893-04:00Samsung Galaxy flaw affects 600M users globally
Most widely used smartphone Samsung Galaxy is feeling the heat these days as approx 600 million Samsung phones may be vulnerable to a serious security flaw. According to security researcher Ryan Welton from NowSecure, it allows hackers to stealthy monitor the camera and microphone, read incoming and outgoing text messages, and install malformed apps on the vulnerable smartphones. The issue cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-57677867399066268062015-06-18T06:34:00.001-04:002015-06-18T06:34:26.010-04:00Critical Updates for Windows and Internet Explorer
A light Patch Tuesday for June has been released by Microsoft that contains security patches for just two 'CRITICAL' and eight 'important' rated vulnerabilities. Critical security updates target Windows and Internet Explorer. Critical issue that affects the Windows operating system is due to an error in the media player that allows remote code execution on the compromised machines. Similarly, cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-3838298871738384862015-06-18T06:32:00.003-04:002015-06-18T06:32:53.650-04:00Kaspersky a victim of a spohisticated cyber-attack
Kaspersky Lab revealed last wednesday that a very sophisticated cyber-attack named Duqu penetrated some of its internal systems by exploiting a zero-day flaw in the Windows Kernel. This APT attack is operating since 2012 that shows how sophisticated Duqu is - even a security giant Kaspersky is unable to figure out its presence for such a long period. A new version dubbed Duqu 2 arised in 2014 cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-4076103975521277272015-06-09T06:55:00.004-04:002015-06-09T06:55:38.521-04:00Facebook focuses on message security
Facebook is fully aware about users privacy that's why company has added support for OpenPGP keys used in its email messaging to secure users from cyber criminals. Facebook inform users about this feature used to improve the privacy of email content by rolling out an experimental new feature that allows users to add OpenPGP public keys to their profile. GNU Privacy Guard implementation of cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-75407533302463345902015-06-09T06:53:00.001-04:002015-06-09T06:53:07.183-04:00Microsoft Windows gets SSH support
Redmond is finally planning to support SSH in Windows and their boffins will take participation in the OpenSSH project. SSH is being widely used by Unix and Linux systems for years to remotely connect to system, but Microsoft has never given SSH by default. As SSH becomes the default standard for secure remote logins, this put onus on Microsoft as its users wanted to have default support for cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-72491988809847681952015-06-05T03:43:00.003-04:002015-06-05T03:43:27.957-04:00iPhone crashes with just a text message
Few days back there was a news regarding iPhone crashes with a specially crafted text. Apple quickly released a workaround for iPhones, iPads and the Apple Watch, also advises the use of Siri can mitigate problems caused by the simple text attack. Company will provide the proper patch to rectify this security flaw once for all but meanwhile Apple urges users to apply workaround to keep them cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-30024874599947817112015-06-05T03:42:00.002-04:002015-06-05T03:42:41.965-04:00Facebook launches new security checkup tool
Facebook rolls out a new feature called Security Check-up that will boost the security of user's account. Facebook is usually a prime target for hackers due to its popularity and widely usage so proper mechanism are in placed by the company to secure user profiles. The Check-up will pop up over the top of the site, prompting users to explore new options in order to increase security. Users cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-19848201466964522022015-05-26T03:23:00.006-04:002015-05-26T03:23:43.172-04:00Google Chrome 43 fixes 37 vulns
Google released Chrome 43 that provides patches for 37 security flaws along with numerous improvements across different components of the browser. Google is quite famous for its bug bounty program and this time is no exception as company has given around $40,000 to security researchers. Google awarded the highest amount of $16,337 to an anonymous researcher who has found a CRITICAL cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-23247443790191483642015-05-26T03:23:00.000-04:002015-05-26T03:23:00.934-04:00FIRST EVER Security update for Apple Watch
Apple rolled out the first security update for its recently launched Apple Watch that uses an iOS-based operating system. Company releases patches for 13 security flaws targeting kernel, Secure Transport, FontParser, the Foundation framework, IOHIDFamily and IOAcceleratorFamily components. According to advisory, security flaw in the FontParser allows execution of arbitrary code via malformed cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-3503551119598558122015-05-19T03:45:00.004-04:002015-05-19T03:45:55.587-04:0013 Bulletins for last PATCH Tuesday
Recently Microsoft official statement reveals that from now onwards users will get the security patch as soon as it is available. So this might the last Patch Tuesday and brings 13 security bulletins where three are rated as CRITICAL and remaining ten are rated as IMPORTANT. Critical bulletins include MS15-043 targets Internet Explorer that patches 22 CVEs. Second critical bulletin MS15-044 cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-10385352544593621622015-05-19T03:44:00.003-04:002015-05-19T03:44:44.738-04:00Huge PATCHES for Adobe products
Along with Microsoft Patch Tuesday, Adobe systems has also released security updates covering 52 vulnerabilities in Flash, Reader and Acrobat. According to advisory the updates fix 18 vulnerabilities in Flash player 34 flaws in Adobe Reader and Acrobat. Fixes are issued for Windows, Mac and Linux platforms that allow intruders to take complete control over the vulnerable system. APSB15-09 cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-9968620333157167532015-05-12T02:29:00.001-04:002015-05-12T02:29:17.908-04:00Apple Safari gets NEW security fixes
On Wednesday, Apple rolled out a new version of Safari web browser fixing five security flaws found in the WebKit browser engine. The fixes address flaws in Safari versions 8.0.6, 7.1.6 and 6.2.6. Three out of Five fixes are related to memory corruption flaws that could allow intruders to execute arbitrary code or cause the vulnerable browsers to crash unexpectedly. According to advisory, thesecERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-91234118774900383502015-05-12T02:28:00.001-04:002015-05-12T02:28:12.746-04:00Unpatched SAP apps pose security risks
Onapsis, a security firm famous for finding out security flaws in SAP applications revealed that cybercriminals usually use pivoting, portal attacks and database warehousing techniques to take control of SAP systems at the application layer. Onapsis Research Labs indicates in the assessment report which was conducted recently and declares that almost 95 percent of ERP implementations involving cERTxnoreply@blogger.com0